The GSM encryption “hack,” & how it affects you

The Wall Street Journal reports that German “hacker” Karsten Nohl demonstrated how it was possible to break the security of GSM cell phones, and to monitor conversations and text messages as they take place.  However, before anyone starts fearing for their privacy, let us assess the real risk posed by this so-called breakthrough.

In his Hacking At Random 2009 lecture on the subject, Karsten points out that  products for monitoring GSM cell phone conversations and text messages already exist.  Kommlabs, of Noida, India, offers products that will decrypt and monitor GSM conversations and text messages [product sheets removed after publication of this article] as they take place.  What he goes on to discuss, is public access to this same capability.  When Karsten uses the word “public,” he is implying that this capability is now within reach of the general population.

In other words, the ability to monitor GSM conversations and text messages, as they take place, already exists.  What has happened, is an increase in the number of people who now have this capability.  But then again, this is a somewhat limited capability at best.

The “hack” only applies to the communications link between a particular cell phone and the cell tower.  At its worst, the capability is like being able to drive through a neighborhood, listening to cordless phone conversations.  However, due to current technical limitations, it is more like being able to listen to a particular cordless phone conversation; while sitting outside someone’s house.

In all the years The Assurer has worked on classified government projects; it has been widely accepted as fact, that cell phone conversations and text messages can be monitored.  What the public perceives as privacy, is simply a legislated “right” to be left alone; granted to us by the government.

As previously covered in the PSCT white paper, you must constantly discern the kind of information, you are willing to talk about over a cell phone; be it  by voice, picture, or text message.  If you are trying to discuss information of an extremely sensitive nature; unless it is protected by Attorney-Client privilege, do not discuss it using any electronic communications device, that does not use protection; that is equivalent or similar to a STU-III or STE.  A free product available from  The Zfone Project offers such protection.

Products such as Zfone, that offer end-to-end protection of phone communications, are secure because at no time is any part of the communication susceptible to monitoring; be it unauthorized or legally permitted, by warrant.

If you have any concerns or need for secure communications, please contact The Assurer for a consultation.

Spread the word!